[luau] RH 9 server hacked -- what went wrong?

[Yuser]

On Fri, 22 Aug 2003, Keith wrote:

> Firewalls are your friend.  These days they are so cheap, even for home
> use, that there is no reason not to have one.  It is in your best
> interest to have one, set up an inbound default policy of DENY for at
> least all priveledged ports and only open up those that you absolutely
> need.  Then, if you get hacked, it would be easier to determine the
> vulnerable service.
> 

Good advice but do you know of any of the cheaper home units (SMC, 
Netgear, Siemens, Dlink, Linksys etc..) that can actually be configured 
with default DENY?  
Everyone I have seen is default allow and you block from there.  You can 
block various things like IRC and SMTP but you have to do it manually.  I 
have a few floppy linux routers that I mess with that are default DENY 
but they each have disadvantages too.   
A cheap self contained router/firewall that had the 
ability to default deny, block by IP and range, block by DNS name, and 
block by time period would be great.  While I'm dreaming, I'd also like 
the ability of limiting the services forwarding fuction to specific ip's 
instead of the firewall blindly forwarding selected ports over to another 
machine, like now I forward ssh port 22 to my Linux machine but have to 
maintain specific rules on that machine of where I can connect from, same 
with port 80 to a second machine.

Can anyone think of more :)